DETAILED ACTION



Claim Rejections - 35 USC § 102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form
the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2)
of such treaty in the English language. 



Claims 1-8 are rejected under 35 U.S.C. 102(e) as being anticipated by Li et al., US
PGP No. 20040193912, hereinafter Li.
As per claims 1, 10, and 18, Li teaches:

A system for implementing a policy in a network, said system comprising: 

a device-agnostic policy implementation; 

[see paragraph 26] "Security policies are centrally stored in a policy repository. The data format 
of the security policies is in an intermediate format that is translated to formats that can be 
consumed and enforced on each of the security-enabled devices of the network." 

a plurality of network devices, at least two of said devices being dissimilar; and 

[see paragraph 27] "Security-enabled devices are any processing devices capable of enforcing 
security policies, such as, but not limited to, routers, network hubs, network bridges, switches, 
gateways, clients, servers, stand alone intelligent appliances, computing peripherals, and the 
like." 

a plurality of device translators, each device translator corresponding to a respective one of said plurality 
of network devices, at least two of said device translators being dissimilar, each of said plurality of device 
translators translating said device-agnostic policy implementation into corresponding device-specific 
implementations. 

[see paragraph 28] "One or more policy decision translators interact with the policy repository to 
acquire, distribute, or push security policies to the appropriate security-enabled devices over the 
network. The policy decision translators include logic to convert the intermediate data format of
the security policies to needed data formats that can be used by each of the security-enabled
devices."

As per claims 2 and 13, Li teaches: 

The system according to claim 1, wherein said device-agnostic policy implementation is selected from the
group consisting of firewall, Virtual Private Network, Java 2 Enterprise Edition Application, and custom
operating system. 

[see paragraph 20] "A PEP 113 can be an application or a device, such as a server, firewall, 
router, or any other computing device accessible over the network." 

As per claims 3 and 14, Li teaches: 

The system according to claim 1, wherein said device-agnostic policy implementation implements a policy
selected from the group consisting of access control, quality of service, backup, and availability.

[see paragraph 21] "The PFP 120 includes integrated feedback information obtained from
intrusion detection systems (IDS), vulnerability scanners, and the like, which can all be PEPs 
themselves." 

Intrusion detection systems perform functions of access control. 
As per claims 4 and 12, Li teaches: 

The system according to claim 1, wherein said device translators are represented by Extensible 
Stylesheet Language (XSL) code. 

[see paragraph 17] "the policy translators are implemented as Extensible Style Sheet Language
Transformation (XSLT) applications" 

As per claims 5 and 11, Li teaches: 

The system according to claim 1, wherein said device-agnostic policy implementation is Extensible
Markup Language (XML) code. 

[see paragraph 17] "The policy translators are implemented as Extensible Style Sheet Language 
Transformation (XSLT) applications, which use one or more Extensible Style Sheets (XSL) to 
render the security policies represented as XML in the policy repository,"

The system according to claim 3, wherein said policy is represented by Extensible Markup Language
(XML) code. 

[see paragraph 14] "The security policies are stored in a relational database in a native Extensible
Markup Language (XML) format," 

As per claims 7 and 15, Li teaches: 

The system according to claim 1, wherein the device-specific implementation is represented by Command
Line Interface (CLI) code. 

[see paragraph 21] "Pieces of the PFP can communicate in IDMEF, SNMP, or any other CLI or
protocol required by a security-enabled device within the network."

As per claims 8 and 16, Li teaches: 

The system according to claim 1, wherein the device-specific implementation is represented by
Application Programming Interface (API) code. 

[see paragraph 30] "Different components of the PFP are designed to communicate with the
CLIs, APIs, and/or protocols recognized by specific security-enabled device applications."

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 9 and 17 are rejected under 35 U.S.C. 103(a) as being unpatentable over Li as
applied to claim 1 above, and further in view of Young, US PGP No. 20050160361.
As per claims 9 and 17,

The Li reference has been discussed above. Li does not expressly teach: 

The system according to claim 1, wherein the device-specific implementation is represented by
Java code. 
Young teaches: 

[see paragraph 57] "adaptation can be invoked via different programmatic paradigms (e.g., API, 
CLI) and can be invoked on a variety of different platforms including, but not limited to, a JAVA
platform, an XML platform, a COM platform and an ODBC platform."

Java is a general purpose high level programming language with a number of features that make 
the language well suited for use in the World Wide Web. It would be obvious to one of ordinary skill in the
art to which the subject pertains at the time of the invention to modify the Li reference to incorporate Java
code in order to enable a common security policy configuration across heterogeneous enterprise 
networks. 

CONCLUSION 

The following patents and publications are cited to further show the state of the art with respect to 
methods and systems for managing security policies. 

US PGP No. 20030172368 to Alumbaugh, which is cited to show a method for autonomously 
generating heterogeneous data source interoperability. 

US PGP No. 20020099790, to Mosher, which is cited to show a system for providing convergent
network services. 

US PGP 20050015439, to Balaji, which is cited to show data integration. 
US PGP No. 20040117452, to Lee, which is cited to show XML-based network management
system for configuration of management of heterogeneous networks. 

US Pat. No. 7058637, to Britton, which is cited to show enterprise application integration. 
US Pat. No. 6854123, to Lewallen, which is cited to show mapping standard APIs to user interface
APIs.

*. Any response to this Office Action should be faxed to (571) 273-8300 or mailed to:

Commissioner for Patents 
P.O. Box 1450
Alexandria, VA 22313-1450



Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulaney Street 
Alexandria, VA 22314 

*. Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner can normally
be reached on Monday - Thursday, 8:00 a.m. - 5:00 p.m., EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
David Robertson can be reached on 571-272-4186. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free).





Daniel L. Hoang 
11/10/06 



